6 Risks Your BYOD Policy Must Address

Strong company policies are a must for managing legal and other risks of personal devices used in the workplace. Are you addressing all the issues?

Six Ways The iPhone 5 and iOS 6 Amp Up Social Opportunities

(click image for larger view and for slideshow)

The lawyers at Foley & Lardner have a message for IT pros about BYOD: Resistance is futile!

That's not an exact quote but it's pretty close. The firm's IT and outsourcing practice recently conducted a webinar for companies grappling with employee-owned devices on and off their corporate networks and the long list of potential issues the BYOD model can cause.

Naturally, the event focused on the legal and related risks associated with BYOD. But it wasn't doom and gloom. The lawyers highlighted the positive potential outcomes of allowing employees to use their own mobile devices and other hardware at work, such as lower costs, improved employee productivity and satisfaction, and even hiring -- the presentation cited a Unisys report that found 44% of job hunters find an offer more attractive if the employer supports iPads. The bottom line: BYOD is happening whether you like it or not.

"At the end of the day, BYOD is not going anywhere," said Foley & Lardner partner Matthew A. Karlyn. "It's only going to increase."

That said, there are innumerable risks associated with allowing employees to use their personal smartphones, tablets, and other hardware for company business. Just as the head-in-sand strategy would be ill advised, so too would BYOD anarchy. Karlyn and his colleagues stressed the need for a strong, thorough policy that employees can actually understand. To that end, he advised regular education and training initiatives, both in person and online. Finally, he noted that policies must be enforced with meaningful consequences for rule-breakers; otherwise, rules are essentially worthless.

The lawyers noted that policy, training and enforcement specifics will vary by business. Highly regulated industries like healthcare and finance, for example, have an entire other set of concerns related to BYOD. But they highlighted just how complex the BYOD workplace can be -- and how specific your policy must be as a result.

A fundamental idea behind the policy-education-enforcement strategy is that the legal and other risks of BYOD can be reduced if both employer and employee clearly understand those risks and their roles and responsibilities in managing them. Consider these six specific issues that you and your employees might not be adequately addressing.

1. Data Is Discoverable.

Foley & Lardner partner Michael R. Overly began his part of the presentation by noting that BYOD devices might be discoverable in lawsuits. In English: Everything an employee does on her personal iPhone, for example, could be used as evidence in a lawsuit against her employer. Overly said that usually comes as a surprise to senior management when he does corporate training work. "More times than not, those executives are absolutely, positively astonished when we explain that when someone participates in a BYOD program, that device may be subject to discovery in litigation," he said.

Employees who assume they have a right to privacy -- it's "my" device, after all -- might likewise be in for a shock. The personal devices they use at work could be examined not only by their employer but by the other party in the lawsuit. Their social media, photographs, personal email, geo-location information and many other kinds of data could be pored over at length.

"Even though people may understand [the discovery process] in a general sense, [they] do not appreciate just how invasive a review like that can be," Overly said. "Which is why it's so important to make sure that people that elect to participate in a BYOD program understand that type of risk -- that, by participating, you're giving up certain rights."

2. Discovery Can Be Expensive.

If you have a come-one-come-all approach to BYOD -- as in "if we allow one device, we might allow them all" -- this might make you rethink it. Lawyers don't typically work cheap and discovery can get expensive. If employees are using not just one but two or more personal devices for work, you're potentially adding a multiplier to your legal costs in a lawsuit. That's because all of those devices might have to be turned over for discovery. In fact, there doesn't even need to be a lawsuit to incur such costs -- just the threat of one and a requirement for litigation hold. "This is a cost that needs to be built in and understood in connection with deciding whether a BYOD program is appropriate for your business," Overly said.

If any business is still up for having a BYOD policy after understanding the legal risks, then they are just plain crazy. Same for the employee who will fork over a good bit of their personal life as part of the, ahem, bargain.

I find it hard to believe that BYOD is more cost effective than an employer provided device when you look at the the total cost of ownership (TCO).

BYOD (short of insuring us IT types a good long career) is ridiculous on many fronts... legal, technical, security, privacy... ad nauseum.

My solution to this BYOD problem - tell my employer if they need to be to have a smart phone or a tablet, or a laptop, they can issue me a smart phone, a tablet, or a laptop. I don't like to mix business with personal, so the thought of using my personal phone/computers for work is not something I want to do.

"The personal devices they use at work could be examined not only by their employer but by the other party in the lawsuit."

This is why you WIPE all evidence from your phone after every call or every app used. No one spies on my private phone, ipad, or tablet. Its also helpful to have multiple fake name accounts on ALL social media. Learn to beat the busybody nosy types at their own game.

Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.

Worries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?